| 基于环境的Fuzzing测试技术 |
| |
| 引用本文: | 张美超,曾凡平,潘能刚,黄玉涵.基于环境的Fuzzing测试技术[J].小型微型计算机系统,2011,32(10). |
| |
| 作者姓名: | 张美超 曾凡平 潘能刚 黄玉涵 |
| |
| 作者单位: | 1. 中国科学技术大学计算机科学与技术学院,合肥,230026
2. 中国科学技术大学计算机科学与技术学院,合肥230026;安徽省计算与通讯软件重点实验室,合肥230026 |
| |
| 摘 要: | 鉴于传统Fuzzing(模糊)测试技术在测试漏洞库中已有漏洞时覆盖率偏低的特点,提出一种基于环境的Fuzzing测试技术.通过提取程序运行所需的操作系统环境、中间件库函数依赖、环境变量等不可信环境因子,构造相应的包含了环境特征的Fuzzing测试用例集.这样的测试用例集合对漏洞库中的已有漏洞表现出了更全面的覆盖,同时还可以有效地发掘未知漏洞.以sftp服务器测试为例,选取Windows平台下的5款sftp服务器软件进行测试,除可以发掘已有漏洞外,还发现了3款软件的3个新漏洞,提交SecurityFocus并通过.
|
| 关 键 词: | Fuzzing 环境 漏洞挖掘 sftp服务器 |
Fuzzing Testing Based on Environment |
| |
| ZHANG Mei-chao
,
ZENG Fan-ping
,
PAN Neng-gang
,
HUANG Yu-han.Fuzzing Testing Based on Environment[J].Mini-micro Systems,2011,32(10). |
| |
| Authors: | ZHANG Mei-chao ZENG Fan-ping PAN Neng-gang HUANG Yu-han |
| |
| Affiliation: | ZHANG Mei-chao1,ZENG Fan-ping1,2,PAN Neng-gang1,HUANG Yu-han1 1(School of Computer Science and Technology,University of Science and Technology of China,Hefei 230026,China) 2(Anhui Province Key Lab of Software in Computing and Communication,China) |
| |
| Abstract: | Considering the low coverage of test suites generated by traditional fuzzing testing techniques when used for detecting vulnerabilities in the vulnerability database,we propose a fuzzing testing method based on environment in this paper.According to the untrustful environment factors we extract such as operating system,middleware,library functions,environment variables,test cases with environmental features are constructed for further fuzzing testing.The test cases gain higher coverage of the vulnerabilitie... |
| |
| Keywords: | Fuzzing environment vulnerability detection sftp server |
| 本文献已被 CNKI 万方数据 等数据库收录! |
|
